How to Protect Embedded Linux with Star Lab’s Kevlar Embedded Security

Embedded device security is an overwhelming task. Either there are innumerable requirements, no requirements, or you are tasked with writing your own internal requirements.

At the end of the day, even if you’ve addressed all of these requirements, will that have been adequate to keep your device secure? Maybe not. That’s because your embedded device just might end up in the hands of an attacker...quite literally. Therefore, ensuring your software and data is safe when (not if) an attacker breaks in is essential. This is why, while it’s tempting to jump into identifying security solutions that “check the box” for your requirements, it’s often more helpful to start by first taking a step back.

ProductsJonathan KlineJune 14, 2022Allowlisting, Whitelisting, Kernel

KASAN: What is it? How does it work? And what are the strange numbers at the end?

Achieving memory safety is hard. Code is written by humans, and humans are bound to make mistakes. Tack on pointer arithmetic and strict aliasing and the situation only becomes more complex. ZDNet recently posted an article stating that 70 percent of all (Microsoft) security bugs are memory safety issues, and I would guess that this statistic is not specific to Microsoft. In LLVM 3.1 and in GCC 4.8, the compilers introduced the -fsanitize=address option and the asan libraries for user-space applications to be built with the Address Sanitizer.

LinuxDan RobertsonDecember 11, 2019Linux, Kernel

Using `gdb` to Debug the Linux Kernel

There are many great tools that are useful for debugging the Linux kernel, including good old-fashioned printk, ftrace, and kgdb. In this post we’ll be exploring how to use the kernel debugger (kgdb) to debug a QEMU VM, although some of the techniques below may be applied to debugging via hardware interfaces like JTAG. Using gdb as a front-end for the kernel debugger allows us to debug the kernel in the familiar and powerful debugging interface of gdb.